High numbers of queries with DNSSEC validation enabled can
cause an assertion failure in named, caused by using a 'bad cache'
data structure before it has been initialized.

BIND 9 stores a cache of query names that are known to be failing due
to misconfigured name servers or a broken chain of trust. Under high query
loads when DNSSEC validation is active, it is possible for a condition
to arise in which data from this cache of failing queries could be used
before it was fully initialized, triggering an assertion failure.

dns/bind9* -- A recursive resolver can be crashed by a query for a malformed zone

ISC reports:

A bug has been discovered in the most recent releases of
BIND 9 which has the potential for deliberate exploitation
as a denial-of-service attack. By sending a recursive
resolver a query for a record in a specially malformed zone,
an attacker can cause BIND 9 to exit with a fatal
"RUNTIME_CHECK" error in resolver.c.

High numbers of queries with DNSSEC validation enabled can
cause an assertion failure in named, caused by using a 'bad cache'
data structure before it has been initialized.

BIND 9 stores a cache of query names that are known to be failing due
to misconfigured name servers or a broken chain of trust. Under high query
loads when DNSSEC validation is active, it is possible for a condition
to arise in which data from this cache of failing queries could be used
before it was fully initialized, triggering an assertion failure.

Prevents a crash when queried for a record whose RDATA exceeds
65535 bytes.

Prevents a crash when validating caused by using "Bad cache" data
before it has been initialized.

ISC_QUEUE handling for recursive clients was updated to address
a race condition that could cause a memory leak. This rarely
occurred with UDP clients, but could be a significant problem
for a server handling a steady rate of TCP queries.

A condition has been corrected where improper handling of
zero-length RDATA could cause undesirable behavior, including
termination of the named process.